The Texas Data Privacy and Security Act (TDPSA), set to take effect on July 1, 2024, introduces a broad scope of regulations impacting nearly all consumer-facing companies operating within Texas. This pivotal legislation is in alignment with global data protection standards, offering a framework for data management and consumer rights. Understanding the impact and scope of the TDPSA can seem daunting, but Higginbotham is here to help you understand some of the key aspects of this act.
Who does the TDPSA apply to?
The TDPSA affects for-profit entities located in Texas or serving Texas residents, with minimal exceptions. With this, it broadens the scope beyond thresholds of data processing or revenue from data sales seen in other states.
Definitions and Terminology
The TDPSA aligns its terminology with that used in many other state privacy laws and the EU’s General Data Protection Regulation (GDPR), helping to enhance clarity and understanding. Key terms include Controller, Processor and Process, each defined to help demarcate roles within data management.
TDPSA Privacy Notice Requirements
Controllers must issue a clear and accessible privacy notice that details:
- Types of personal data processed, including sensitive data
- Purposes for data processing
- Consumer rights exercise procedures
- Data sharing disclosures
Consumer Rights and Special Provisions
The TDPSA affords consumers rights akin to those in other state laws, such as accessing, correcting or deleting their personal data and requesting their data in a portable format. Some unique rights include:
- Opt-in for sensitive data processing
- Opt-out of data sales, targeted advertising and profiling
- Appeal process for denied requests
Special provisions include guidelines on the handling of deidentified data, sensitive data notices and biometric data sales.
Contracts and Enforcement
The TDPSA requires contracts between processors and controllers outlining duties, data security assistance and compliance documentation. In terms of enforcement, under the TDPSA, this responsibility lies with the Texas Attorney General, with civil penalties for violations and no private right of action.
The Importance of TDPSA Compliance
For businesses and consumers alike, understanding and preparing for the TDPSA is crucial. This overview touches on key elements of the TDPSA, but if you’d like to gain more insights into the act and its impact on compliance and strategic data management, you can view a more in-depth summary here.
If you’re seeking assistance with cyber insurance or risk management strategies, whether related to the TDPSA or not, our team can offer guidance and support tailored to your business needs. Learn more about TDPSA regulations and compliance in Higginbotham’s TDSPA whitepaper and, if you need further guidance, talk to one of our cyber insurance specialists.
